xen/arm: smmu: move phys_addr_t definition to linux-compat.h
Both smmu and smmu-v3 (ported from Linux) define the typedef name
"phys_addr_t": move the type definition to the common header
linux-compat.h to address violations of MISRA C:2012 Rule 5.6
("A typedef name shall be a unique identifier").
No functional change.
Suggested-by: Jan Beulich <jbeulich@suse.com> Suggested-by: Julien Grall <julien@xen.org> Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Julien Grall <jgrall@amazon.com>
AMD/IOMMU: address violations of MISRA C:2012 Rule 8.2
Add missing parameter names to address violations of MISRA C:2012
Rule 8.2. Remove trailing spaces and use C standard types to comply
with XEN coding style. No functional change.
Michal Orzel [Thu, 23 Nov 2023 14:53:02 +0000 (15:53 +0100)]
xen/arm: page: Avoid pointer overflow on cache clean & invalidate
On Arm32, after cleaning and invalidating the last dcache line of the top
domheap page i.e. VA = 0xfffff000 (as a result of flushing the page to
RAM), we end up adding the value of a dcache line size to the pointer
once again, which results in a pointer arithmetic overflow (with 64B line
size, operation 0xffffffc0 + 0x40 overflows to 0x0). Such behavior is
undefined and given the wide range of compiler versions we support, it is
difficult to determine what could happen in such scenario.
Modify clean_and_invalidate_dcache_va_range() as well as
clean_dcache_va_range() and invalidate_dcache_va_range() due to similarity
of handling to prevent pointer arithmetic overflow. Modify the loops to
use an additional variable to store the index of the next cacheline.
Add an assert to prevent passing a region that wraps around which is
illegal and would end up in a page fault anyway (region 0-2MB is
unmapped). Lastly, return early if size passed is 0.
Note that on Arm64, we don't have this problem given that the max VA
space we support is 48-bits.
This is XSA-447 / CVE-2023-46837.
Signed-off-by: Michal Orzel <michal.orzel@amd.com> Reviewed-by: Julien Grall <jgrall@amazon.com>
Henry Wang [Thu, 7 Dec 2023 16:20:36 +0000 (00:20 +0800)]
MAINTAINERS: Hand over the release manager role to Oleksii Kurochko
I've finished the opportunity to do two releases (4.17 and 4.18)
and Oleksii Kurochko has volunteered to be the next release manager.
Hand over the role to him by changing the maintainership of the
CHANGELOG.md.
Signed-off-by: Henry Wang <Henry.Wang@arm.com> Acked-by: Julien Grall <jgrall@amazon.com> Acked-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>
Juergen Gross [Mon, 11 Dec 2023 13:16:16 +0000 (14:16 +0100)]
xen: remove asm/unaligned.h
With include/xen/unaligned.h now dealing properly with unaligned
accesses for all architectures, asm/unaligned.h can be removed and
users can be switched to include xen/unaligned.h instead.
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Juergen Gross [Mon, 11 Dec 2023 13:16:15 +0000 (14:16 +0100)]
xen: make include/xen/unaligned.h usable on all architectures
Instead of defining get_unaligned() and put_unaligned() in a way that
is only supporting architectures allowing unaligned accesses, use the
same approach as the Linux kernel and let the compiler do the
decision how to generate the code for probably unaligned data accesses.
Update include/xen/unaligned.h from include/asm-generic/unaligned.h of
the Linux kernel.
The generated code has been checked to be the same on x86.
Modify the Linux variant to not use underscore prefixed identifiers,
avoid unneeded parentheses and drop the 24-bit accessors.
Juergen Gross [Mon, 11 Dec 2023 13:16:14 +0000 (14:16 +0100)]
xen/arm: set -mno-unaligned-access compiler option for Arm32
As the hypervisor is disabling unaligned accesses for Arm32, set the
-mno-unaligned-access compiler option for building. This will prohibit
unaligned accesses when e.g. accessing 2- or 4-byte data items in
packed data structures.
Juergen Gross [Thu, 23 Nov 2023 16:08:34 +0000 (17:08 +0100)]
tools/xenstored: potentially split trace_io() out message
Today write_messages() will call trace_io() after having written the
complete message to the ring buffer or socket.
In case the message can't be written in one go, split it by writing
one trace entry when starting the write and one when finishing it.
In order to distinguish a complete OUT message from a split one, let the
caller of trace_io specify the prefix string ("IN", "OUT", "OUT(START)",
"OUT(END)") directly instead via an int.
The xen sources contain violations of MISRA C:2012 Rule 14.4 whose
headline states:
"The controlling expression of an if statement and the controlling
expression of an iteration-statement shall have essentially Boolean type".
Struct domain member is_dying is an anonymous enum designed to act as boolean.
Add deviation to mark its uses in controlling expressions as deliberate.
Juergen Gross [Mon, 4 Dec 2023 15:23:21 +0000 (16:23 +0100)]
xen/sched: do some minor cleanup of sched_move_domain()
Do some minor cleanups:
- Move setting of old_domdata and old_units next to each other
- Drop incrementing unit_idx in the final loop of sched_move_domain()
as it isn't used afterwards
- Rename new_p to new_cpu and unit_p to unit_cpu
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: George Dunlap <george.dunlap@cloud.com>
Juergen Gross [Mon, 4 Dec 2023 15:23:20 +0000 (16:23 +0100)]
xen/sched: fix sched_move_domain()
Do cleanup in sched_move_domain() in a dedicated service function,
which is called either in error case with newly allocated data, or in
success case with the old data to be freed.
This will at once fix some subtle bugs which sneaked in due to
forgetting to overwrite some pointers in the error case.
Fixes: 70fadc41635b ("xen/cpupool: support moving domain between cpupools with different granularity") Reported-by: René Winther Højgaard <renewin@proton.me> Initial-fix-by: Jan Beulich <jbeulich@suse.com> Initial-fix-by: George Dunlap <george.dunlap@cloud.com> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: George Dunlap <george.dunlap@cloud.com>
Michal Orzel [Thu, 7 Dec 2023 10:14:32 +0000 (11:14 +0100)]
xen/arm: bootfdt: Check return code of device_tree_for_each_node()
As a result of not checking the return code of device_tree_for_each_node()
in boot_fdt_info(), any error occured during early FDT parsing does not
stop Xen from booting. This can result in an unwanted behavior in later
boot stages. Fix it by checking the return code and panicing on an error.
Juergen Gross [Tue, 21 Nov 2023 11:40:46 +0000 (12:40 +0100)]
tools/xenstored: remove the "-P" command line option
The "-P" command line option just results in printing the PID of the
xenstored daemon to stdout before stdout is being closed. The same
information can be retrieved from the PID file via the "-F" option.
Juergen Gross [Tue, 21 Nov 2023 11:40:45 +0000 (12:40 +0100)]
tools/xenstored: remove "-V" command line option
The "-V" (verbose) command line option is nearly completely redundant
with "io" tracing. Just the time of the printed data is a little bit
different, while the tracing is more informative.
Jan Beulich [Thu, 7 Dec 2023 07:33:55 +0000 (08:33 +0100)]
x86/DMI: adjustments to comply with Misra C:2012 Rule 9.3
The rule demands that all array elements be initialized (or dedicated
initializers be used). Introduce a small set of macros to allow doing so
without unduly affecting use sites (in particular in terms of how many
elements .matches[] actually has; right now there's no use of
DMI_MATCH4(), so we could even consider reducing the array size to 3).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Julien Grall [Tue, 5 Dec 2023 18:32:26 +0000 (18:32 +0000)]
Only compile the hypervisor with -Wdeclaration-after-statement
Right now, all tools and hypervisor will be complied with the option
-Wdeclaration-after-statement. While most of the code in the hypervisor
is controlled by us, for tools we may import external libraries.
The build will fail if one of them are using the construct we are
trying to prevent. This is the case when building against Python 3.12
and Yocto:
| In file included from /srv/storage/alex/yocto/build-virt/tmp/work/core2-64-poky-linux/xen-tools/4.17+stable/recipe-sysroot/usr/include/python3.12/Python.h:44,
| from xen/lowlevel/xc/xc.c:8:
| /srv/storage/alex/yocto/build-virt/tmp/work/core2-64-poky-linux/xen-tools/4.17+stable/recipe-sysroot/usr/include/python3.12/object.h: In function 'Py_SIZE':
| /srv/storage/alex/yocto/build-virt/tmp/work/core2-64-poky-linux/xen-tools/4.17+stable/recipe-sysroot/usr/include/python3.12/object.h:233:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
| 233 | PyVarObject *var_ob = _PyVarObject_CAST(ob);
| | ^~~~~~~~~~~
| In file included from /srv/storage/alex/yocto/build-virt/tmp/work/core2-64-poky-linux/xen-tools/4.17+stable/recipe-sysroot/usr/include/python3.12/Python.h:53:
| /srv/storage/alex/yocto/build-virt/tmp/work/core2-64-poky-linux/xen-tools/4.17+stable/recipe-sysroot/usr/include/python3.12/cpython/longintrepr.h: In function '_PyLong_CompactValue':
| /srv/storage/alex/yocto/build-virt/tmp/work/core2-64-poky-linux/xen-tools/4.17+stable/recipe-sysroot/usr/include/python3.12/cpython/longintrepr.h:121:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
| 121 | Py_ssize_t sign = 1 - (op->long_value.lv_tag & _PyLong_SIGN_MASK);
| | ^~~~~~~~~~
| cc1: all warnings being treated as errors
Looking at the tools directory, a fair few directory already add
-Wno-declaration-after-statement to inhibit the default behavior.
We have always build the hypervisor with the flag, so for now remove
only the flag for anything but the hypervisor. We can decide at later
time whether we want to relax.
Also remove the -Wno-declaration-after-statement in some subdirectory
as the flag is now unnecessary.
Part of the commit message was take from Alexander's first proposal:
Link: https://lore.kernel.org/xen-devel/20231128174729.3880113-1-alex@linutronix.de/ Reported-by: Alexander Kanavin <alex@linutronix.de> Acked-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Tested-by: Jason Andryuk <jandryuk@gmail.com> Signed-off-by: Julien Grall <jgrall@amazon.com>
Jan Beulich [Wed, 6 Dec 2023 09:25:21 +0000 (10:25 +0100)]
x86/DMI: adjustments to comply with Misra C:2012 Rule 9.3
The rule demands that all array elements be initialized (or dedicated
initializers be used). Introduce a small set of macros to allow doing so
without unduly affecting use sites (in particular in terms of how many
elements .matches[] actually has; right now there's no use of
DMI_MATCH4(), so we could even consider reducing the array size to 3).
Note that DMI_MATCH() needs adjustment because of the comma included in
its expansion, which - due to being unparenthesized - would otherwise
cause macro arguments in the "further replacement" step to be wrong.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
xen/pci: address violations of MISRA C:2012 Rule 8.2
Add missing parameter names to address violations of MISRA C:2012
Rule 8.2. Furthermore, use C standard types to comply with XEN coding style.
No functional change.
Jan Beulich [Wed, 6 Dec 2023 09:22:46 +0000 (10:22 +0100)]
x86/vPIC: vpic_elcr_mask() master bit 2 control
Master bit 2 is treated specially: We force it set, but we don't expose
the bit being set to the guest. While right now the read and write
handling can easily use the fixed mask, the restore input checking that
is about to be put in place wants to use the inverted mask to prove that
no bits are unduly set. That will require master bit 2 to be set. Otoh
the read path requires the bit to be clear (the bit can have either
value for the use on the write path). Hence allow use sites control over
that bit.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Jan Beulich [Wed, 6 Dec 2023 09:21:51 +0000 (10:21 +0100)]
x86/HVM: introduce hvm_get_entry()
... to accompany hvm_read_entry() when actual copying isn't desirable.
This allows to remove open-coded stream accesses from hpet_load(),
along with using the helper in hvm_load() itself.
Since arch_hvm_load()'s declaration would need changing, and since the
function is not used from elsewhere, purge the declaration. With that it
makes little sense to keep arch_hvm_save()'s around; convert that
function to static then at the same time.
In hpet_load() simplify the specific case of error return that's in
context anyway: There's no need to hold the lock when only updating a
local variable.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Simone Ballarin [Fri, 24 Nov 2023 17:29:41 +0000 (18:29 +0100)]
automation/eclair: tag function calls to address violations of MISRA C:2012 Rule 13.1
Rule 13.1: Initializer lists shall not contain persistent side effects
Invocations of functions in initializer lists cause violations of rule
13.1 if the called functions are not tagged with __attribute_pure__ or
__attribute_const__ as they can produce persistent side effects.
Handling these violations with attributes is not always possible: the
pure and const attributes may cause unwanted and potentially dangerous
optimisations.
To avoid this problem ECLAIR allows using the same attributes in the
-call_properties setting. Additionally, it adds the noeffect attribute
with the following definition:
"like pure but can also read volatile variable not triggering side effects"
These patch tags some functions used in initializer lists to address
violations of Rule 13.1.
Nicola Vetrini [Mon, 4 Dec 2023 18:23:11 +0000 (19:23 +0100)]
docs/misra: deviate deliberately unused labels
The labels marked with __maybe_unused are either used only
in certain build configurations or deliberately unused.
See the justification in docs/misra/deviations.rst.
Andrew Cooper [Tue, 5 Dec 2023 21:54:25 +0000 (21:54 +0000)]
CI: Fix fallout from adding elfutils-dev to the build container
Commit 948e03303138 ("automation/alpine: add elfutils-dev") had an unintended
consequence of causing Qemu to gain a runtime dependency on libdw.so
The {adl,zen3p}-pci-hvm-x86-64-gcc-debug tests, which are the only two tests
that run the built Qemu, started failing with:
Error loading shared library libdw.so.1: No such file or directory (needed by /usr/local/lib/xen/bin/qemu-system-i386)
Error relocating /usr/local/lib/xen/bin/qemu-system-i386: dwfl_begin: symbol not found
Update the test container with libelf to cope.
While editing the runtime dependency list, fix up two other problems. texinfo
isn't a runtime dependency, and we should be using xz itself, not it's
development libraries. Both changes shrink the initrd used for tests.
Fixes: 948e03303138 ("automation/alpine: add elfutils-dev") Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Nicola Vetrini [Tue, 5 Dec 2023 16:31:23 +0000 (17:31 +0100)]
ns16550: remove partial explicit initializer
The initializer of 'ns16550_com' violates MISRA C Rule 9.3
because it explicitly initializes only the first element of the array,
but the semantics is the same if the explicit initialization is
omitted.
No functional change.
Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Roger Pau Monne [Tue, 28 Nov 2023 10:03:49 +0000 (11:03 +0100)]
automation/alpine: add elfutils-dev
In preparation for adding some livepatch-build-tools test update the Alpine
container to also install elfutils-dev.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Michal Orzel [Mon, 27 Nov 2023 14:41:55 +0000 (15:41 +0100)]
ubsan: Introduce CONFIG_UBSAN_FATAL to panic on UBSAN failure
Introduce the CONFIG_UBSAN_FATAL option to cater to scenarios where prompt
attention to undefined behavior issues, notably during CI test runs, is
essential. When enabled, this option causes Xen to panic upon detecting
UBSAN failure (as the last step in ubsan_epilogue()).
Signed-off-by: Michal Orzel <michal.orzel@amd.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
If rangeset_new() fails, err would not be set to an appropriate error
code. Set it to -ENOMEM.
Fixes: 580c458699e3 ("xen/domain: Call arch_domain_create() as early as possible in domain_create()") Signed-off-by: Stewart Hildebrand <stewart.hildebrand@amd.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Currently, Xen vPCI only supports virtualizing the MSI and MSI-X capabilities.
Hide all other PCI capabilities (including extended capabilities) from domUs for
now, even though there may be certain devices/drivers that depend on being able
to discover certain capabilities.
We parse the physical PCI capabilities linked list and add vPCI register
handlers for the next elements, inserting our own next value, thus presenting a
modified linked list to the domU.
Introduce helper functions vpci_hw_read8 and vpci_read_val. The vpci_read_val
helper function returns a fixed value, which may be used for read as zero
registers, or registers whose value doesn't change.
Introduce pci_find_next_cap_ttl() helper while adapting the logic from
pci_find_next_cap() to suit our needs, and implement the existing
pci_find_next_cap() in terms of the new helper.
Rename init_bars() to init_header() since it is now doing more than initializing
BARs.
Signed-off-by: Stewart Hildebrand <stewart.hildebrand@amd.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Introduce a handler for the PCI status register, with ability to mask
the capabilities bit. The status register contains RsvdZ bits,
read-only bits, and write-1-to-clear bits. Additionally, we use RsvdP to
mask the capabilities bit. Introduce bitmasks to handle these in vPCI.
If a bit in the bitmask is set, then the special meaning applies:
ro_mask: read normal, guest write ignore (preserve on write to hardware)
rw1c_mask: read normal, write 1 to clear
rsvdp_mask: read as zero, guest write ignore (preserve on write to hardware)
rsvdz_mask: read as zero, guest write ignore (write zero to hardware)
The RO/RW1C/RsvdP/RsvdZ naming and definitions were borrowed from the
PCI Express Base 6.1 specification. RsvdP/RsvdZ bits help Xen enforce
our view of the world. Xen preserves the value of read-only bits on
write to hardware, discarding the guests write value. This is done in
case hardware wrongly implements R/O bits as R/W.
The mask_cap_list flag will be set in a follow-on change.
Signed-off-by: Stewart Hildebrand <stewart.hildebrand@amd.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Fix violations by adding missing const qualifier in cast.
Fix violations by removing unnecessary cast.
Change type of operands from char* to uintptr_t: uintptr_t is
the appropriate type for memory address operations.
No functional changes.
Signed-off-by: Maria Celeste Cesario <maria.celeste.cesario@bugseng.com> Signed-off-by: Simone Ballarin <simone.ballarin@bugseng.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <jgrall@amazon.com>
Juergen Gross [Tue, 5 Dec 2023 08:57:38 +0000 (09:57 +0100)]
xen/sched: fix adding offline cpu to cpupool
Trying to add an offline cpu to a cpupool can crash the hypervisor,
as the probably non-existing percpu area of the cpu is accessed before
the availability of the cpu is being tested. This can happen in case
the cpupool's granularity is "core" or "socket".
Fix that by testing the cpu to be online.
Fixes: cb563d7665f2 ("xen/sched: support core scheduling for moving cpus to/from cpupools") Reported-by: René Winther Højgaard <renewin@proton.me> Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Tue, 5 Dec 2023 08:57:05 +0000 (09:57 +0100)]
x86emul: avoid triggering event related assertions
The assertion at the end of x86_emulate_wrapper() as well as the ones
in x86_emul_{hw_exception,pagefault}() can trigger if we ignore
X86EMUL_EXCEPTION coming back from certain hook functions. Squash
exceptions when merely probing MSRs, plus on SWAPGS'es "best effort"
error handling path.
In adjust_bnd() add another assertion after the read_xcr(0, ...)
invocation, paralleling the one in x86emul_get_fpu() - XCR0 reads should
never fault when XSAVE is (implicitly) known to be available.
Also update the respective comment in x86_emulate_wrapper().
Fixes: 14a6be89ec04 ("x86emul: correct EFLAGS.TF handling") Fixes: cb2626c75813 ("x86emul: conditionally clear BNDn for branches") Fixes: 6eb43fcf8a0b ("x86emul: support SWAPGS") Reported-by: AFL Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Juergen Gross [Tue, 5 Dec 2023 08:56:08 +0000 (09:56 +0100)]
xen/public: fix flexible array definitions
Flexible arrays in public headers can be problematic with some
compilers.
With XEN_FLEX_ARRAY_DIM there is a mechanism available to deal with
this issue, but care must be taken to not change the affected structs
in an incompatible way.
So bump __XEN_LATEST_INTERFACE_VERSION__ and introduce a new macro
XENPV_FLEX_ARRAY_DIM which will be XENPV_FLEX_ARRAY_DIM with the
interface version being new enough and "1" (the value used today in
the affected headers) when the interface version is an old one.
Replace the arr[1] instances (this includes the ones seen to be
problematic in recent Linux kernels [1]) with arr[XENPV_FLEX_ARRAY_DIM]
in order to avoid compilation errors.
x86/p2m: address a violation of MISRA C:2012 Rule 8.3
Make function declaration and definition consistent changing
parameter name from "gpfn" to "gfn".
For consistency, rename also "old_gpfn" to "old_gfn".
No functional change.
Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
x86/p2m: preparation work for xenmem_add_to_physmap_one()
The objective is to use parameter name "gfn" for
xenmem_add_to_physmap_one().
Since the name "gfn" is currently used as identifier for a local
variable, bad things could happen if new uses of such variable are
committed while a renaming patch is waiting for the approval.
To avoid such danger, as first thing rename the local variable from
"gfn" to "gmfn", in line with XENMAPSPACE_gmfn which is the only
space it is used with.
No functional change.
Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Michal Orzel [Thu, 30 Nov 2023 09:57:57 +0000 (10:57 +0100)]
xen/arm: Move static event channel feature to a separate module
Move static event channel feature related code to a separate module
(static-evtchn.{c,h}) in the spirit of fine granular configuration, so
that the feature can be disabled if not needed.
Introduce Kconfig option CONFIG_STATIC_EVTCHN, enabled by default (to
keep the current behavior) dependent on CONFIG_DOM0LESS. While it could
be possible to create a loopback connection for dom0 only, this use case
does not really need this feature and all the docs and commit messages
refer explicitly to the use in dom0less system.
The only function visible externally is alloc_static_evtchn(), so move
the prototype to static-evtchn.h and provide a stub in case a feature
is disabled. Guard static_evtchn_created in struct dt_device_node as
well as its helpers.
xen/iommu: address violations of MISRA C:2012 Rule 8.2
Add missing parameter names to address violations of MISRA C:2012
Rule 8.2 and remove uses of u{8,16,32} in favor of C standard types.
No functional change.
Signed-off-by: Federico Serafini <federico.serafini@bugseng.com> Acked-by: Jan Beulich <jbeulich@suse.com>
Simone Ballarin [Thu, 30 Nov 2023 17:04:53 +0000 (18:04 +0100)]
automation/eclair: improve scheduled analyses
The scheduled analyses are intended to maintain an overall vision
of the MISRA complaince of the entire project. For this reason,
the file exclusions in "out_of_scope.ecl" should not be applied.
This patch amends ECLAIR settings to prevent exempting files for
scheduled analyses.
Michal Orzel [Fri, 24 Nov 2023 12:09:07 +0000 (13:09 +0100)]
automation: Switch u-boot boot command to bootz for arm32 tests
Thanks to recent changes added to ImageBuilder to support the bootz
command, which allows obtaining the effective image size (including NOLOAD
sections) from the zImage header, switch the BOOT_CMD for arm32 tests to
bootz. Among other scenarios, this change will enable us, in the future,
to add tests with UBSAN enabled Xen, which would otherwise fail due to
incorrect image placement resulting in overlapping.
Signed-off-by: Michal Orzel <michal.orzel@amd.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Nicola Vetrini [Fri, 17 Nov 2023 08:53:25 +0000 (09:53 +0100)]
automation/eclair: make the docs for MISRA C:2012 Dir 4.1 visible to ECLAIR
To be able to check for the existence of the necessary subsections in
the documentation for MISRA C:2012 Dir 4.1, ECLAIR needs to have a source
file that is built.
This file is generated from 'C-runtime-failures.rst' in docs/misra
and the configuration is updated accordingly.
Roger Pau Monne [Tue, 28 Nov 2023 17:41:31 +0000 (18:41 +0100)]
xen/livepatch: fix livepatch tests
The current set of in-tree livepatch tests in xen/test/livepatch started
failing after the constify of the payload funcs array, and the movement of the
status data into a separate array.
Fix the tests so they respect the constness of the funcs array and also make
use of the new location of the per-func state data.
Fixes: 82182ad7b46e ('livepatch: do not use .livepatch.funcs section to store internal state') Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Roger Pau Monne [Tue, 28 Nov 2023 17:11:50 +0000 (18:11 +0100)]
cirrus-ci: update FreeBSD versions
FreeBSD 14.0 has already been released, so switch to the release version image,
and introduce a FreeBSD 15.0 version to track current FreeBSD unstable
(development) branch.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Michal Orzel [Wed, 29 Nov 2023 09:06:45 +0000 (10:06 +0100)]
xen/arm64: Move print_reg macro to asm/arm64/macros.h
Macro print_reg is used to print a value of a register passed as an
argument. While today it is only used from within the common head.S,
in the future we might want to make use of it from other files, just
like PRINT(). It also serves as a great aid when debugging.
Expose print_reg macro by moving it to asm/arm64/macros.h and:
- rename putn to asm_putn to denote the usage from assembly only,
- use ENTRY() for asm_putn to make it globally visible.
This way the behavior will be consistent with what we already do on arm32.
Take the opportunity to get rid of unneeded stubs for early_puts,
init_uart and putn since the calls to them are already protected by
respective #ifdef CONFIG_EARLY_PRINTK.
The patch introduces generic percpu.h which was based on Arm's version
with the following changes:
* makes __per_cpu_data_end[] constant
* introduce get_per_cpu_offset() for macros this_cpu() and this_cpu_ptr()
* add inclustion of <asm/current.h> as get_per_cpu_offset() is located there.
Also it was changed a place where <asm/percpu.h> is included in <xen/percpu.h>
because asm-generic version of percpu.h started to include <asm/current.h> which
requires definition of DECLARE_PER_CPU.
As well the patch switches Arm, PPC and x86 architectures to use asm-generic
version of percpu.h.
Oleksii Kurochko [Wed, 29 Nov 2023 09:07:02 +0000 (10:07 +0100)]
xen/asm-generic: introduce stub header paging.h
The patch introduces generic paging.h header for Arm, PPC and
RISC-V.
All mentioned above architectures use hardware virt extensions
and hardware pagetable extensions thereby it makes sense to set
paging_mode_translate and paging_mode_external by default.
Also in this patch Arm and PPC architectures are switched to
generic paging.h header.
Both Intel and AMD manuals agree that in x2APIC mode, the APIC LDR and ID
registers are derivable from each other through a fixed formula.
Xen uses that formula, but applies it to vCPU IDs (which are sequential)
rather than x2APIC IDs (which are not, at the moment). As I understand it,
this is an attempt to tightly pack vCPUs into clusters so each cluster has
16 vCPUs rather than 8, but this is a spec violation.
This patch fixes the implementation so we follow the x2APIC spec for new
VMs, while preserving the behaviour (buggy or fixed) for migrated-in VMs.
While touching that area, remove the existing printk statement in
vlapic_load_fixup() (as the checks it performed didn't make sense in x2APIC
mode and wouldn't affect the outcome) and put another printk as an else
branch so we get warnings trying to load nonsensical LDR values we don't
know about.
Fixes: f9e0cccf7b35 ("x86/HVM: fix ID handling of x2APIC emulation") Signed-off-by: Alejandro Vallejo <alejandro.vallejo@cloud.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
projects / people / royger / xen.git / log